Difference between revisions of "Iptables cheat sheet"

From MyLabWiki
(Created page)
 
m
Line 12: Line 12:
 
   iptables -D INPUT -s a.b.c.d -j DROP
 
   iptables -D INPUT -s a.b.c.d -j DROP
  
Block and IP address for 60 seconds after 3 failed SSH login attempts<ref name="rackaid1">[http://www.rackaid.com/blog/how-to-block-ssh-brute-force-attacks/ rackaid, Block SSH Brute Force Attacks with IPTables]</ref>:
+
Block and IP address after 3 failed SSH login attempts made within 60 seconds<ref name="rackaid1">[http://www.rackaid.com/blog/how-to-block-ssh-brute-force-attacks/ rackaid, Block SSH Brute Force Attacks with IPTables]</ref>:
  
 
   iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
 
   iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
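Review bot: the reworded sentence on the + line still opens with "Block and IP address"; it should read "Block an IP address". The rule in the context lines matches new TCP connections to port 22 (-m state --state NEW), so "connection attempts" would describe it more accurately than "failed SSH login attempts", since successful logins are counted as well.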

Revision as of 12:23, 28 June 2015

Applicable to Debian 8.

Blocking IP addresses

Permanently block an IP address[1]:

 iptables -A INPUT -s a.b.c.d -j DROP

Unblock IP address[1]:

 iptables -D INPUT -s a.b.c.d -j DROP

Block an IP address after 3 failed SSH login attempts made within 60 seconds[2]:

 iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
 iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

The reference[2] also gives info about how to set up logging.
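
How the two recent rules above count connections, and how rule order changes which connection is dropped first, shown as an added example (a simplified Python model, not code from this wiki or its references). It assumes the recent match keeps per-source timestamps as described in the iptables-extensions man page; the function names and the arrival times are constructed for illustration.

```python
# Simplified model of the iptables "recent" match for ONE source address.
# Assumption: an unbounded Python list stands in for the kernel's bounded
# per-address timestamp table.

SECONDS, HITCOUNT = 60, 4        # values from the --update rule on this page


def rule_set(stamps, now):
    """-m recent --set: record the timestamp; no target, so evaluation continues."""
    stamps.append(now)
    return False                 # this rule never drops the packet


def rule_update(stamps, now):
    """-m recent --update --seconds 60 --hitcount 4 -j DROP."""
    recent = [t for t in stamps if now - t <= SECONDS]
    if len(recent) >= HITCOUNT:
        stamps.append(now)       # --update refreshes "last seen" only when it matches
        return True              # DROP
    return False


def simulate(chain, arrivals):
    """Return one verdict per NEW connection, evaluating rules in chain order."""
    stamps, verdicts = [], []
    for now in arrivals:
        dropped = False
        for rule in chain:
            if rule(stamps, now):
                dropped = True
                break            # DROP ends chain traversal for this packet
        verdicts.append("DROP" if dropped else "PASS")
    return verdicts


# Two commands typed with -I end up in reverse order: --update is evaluated first.
AS_INSERTED = [rule_update, rule_set]
# The same two rules loaded with -A keep the typed order: --set is evaluated first.
AS_APPENDED = [rule_set, rule_update]

# Constructed sample: a new SSH connection every 10 seconds, then one after a pause.
ARRIVALS = [0, 10, 20, 30, 40, 50, 200]

if __name__ == "__main__":
    for name, chain in (("-I order", AS_INSERTED), ("-A order", AS_APPENDED)):
        print(name, simulate(chain, ARRIVALS))
```

The rule order actually loaded on a host can be checked with iptables -L INPUT --line-numbers.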



References

  1. nixCraft, How Do I Block an IP Address on My Linux server?
  2. rackaid, Block SSH Brute Force Attacks with IPTables